8 matches found
GO-2024-3078 LF Edge eKuiper has a SQL Injection in sqlKvStore in github.com/lf-edge/ekuiper
LF Edge eKuiper has a SQL Injection in sqlKvStore in github.com/lf-edge/ekuiper...
SQL Injection
github.com/lf-edge/ekuiper is vulnerable to SQL Injection. The vulnerability is due to insufficient input validation in the Get method of sqlKvStore, which allows the execution of malicious SQL queries...
LF Edge eKuiper has a SQL Injection in sqlKvStore
Summary A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore. Details I will use explainRuleHandler "/rules/name/explain" as an example to illustrate. However, this vulnerability also exists in other methods such as...
PYSEC-2024-72
LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore. This vulnerability is fixed in 1.14.2...
CVE-2024-43406 LF Edge eKuiper has a SQL Injection in sqlKvStore
LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore. This vulnerability is fixed in 1.14.2...
CVE-2024-43406 LF Edge eKuiper has a SQL Injection in sqlKvStore
LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore. This vulnerability is fixed in 1.14.2...
CVE-2024-43406 LF Edge eKuiper has a SQL Injection in sqlKvStore
LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore. This vulnerability is fixed in 1.14.2...
PT-2024-30563 · Lf Edge · Lf Edge Ekuiper
Name of the Vulnerable Software and Affected Versions: LF Edge eKuiper versions prior to 1.14.2 Description: A SQL Injection vulnerability exists in the sqlKvStore of LF Edge eKuiper, allowing the execution of malicious SQL queries via the Get method. This issue affects various handlers, includin...